
Chapter 14. Configuring Filters and Blocking Protocols
Now, you can add subrules to specify criteria for the rule:
5. On the Bridge Filter Configuration page, click
in the Action(s) column of the rule for
which you want to created a subrule.
The Bridge Filter Subrule - Add page displays:
Figure 65. Bridge Filter Subrule – Add Page
The page displays Enable and Disable radio buttons you use to
determine whether this sub rule is in effect. A rule will be in
effect if the rule itself and at least one of its subrules is enabled.
6. In the New Subrule Information table, specify the criteria for
the rule, as follows:
Field Description
Subrule ID
A unique ID number for this subrule. These numbers
are independent from the main rule number. The
bridge filter processes subrules in sequential order; if
a packet fails to match the criteria of any subrule,
then the rule will not be invoked and bridge filter
processing will continue to the next rule.
The number of bits into a packet, starting from a
designated location where the subrule comparison
should begin.
Offset from
The location in a Layer 2 packet where the subrule
comparison should begin, taking into account any
offset bits specified in the previous setting. The
comparison can start at the beginning of:
o a Link header (i.e., the start of an Ethernet
o an IP header
o a TCP, UPD, or ICMP header
The bits of the packet, specified in hexadecimal,
starting at the header and offset location, that should
be used when comparing data to this rule. A mask of
F0FF, for example, would look only at the 1st, 3rd,
and 4th bits from the starting location.